The GDPR, with the so-called “right to transparency”, gives people the right to know what your organization knows about them and how you use that information. The data subject rights you need to facilitate are:
These rights are collectively referred to as the “subject rights” or “rights of the data subject”. By submitting a DSAR (Data Subject Access Request), the data subject can exercise their rights.
You are required to provide all requested information, and the requester does not have to give a reason for the request. You should also be able to present the status of current and previously exercised rights.
In order to comply with data subject requests, you must be able to provide information about your use of personal data quickly and efficiently. Data subjects may request, among other things:
DSR management can become an intensive task that takes up a lot of time, especially if you do not keep all personal information in one convenient place. You also need to keep an up-to-date overview of how, where and by whom these data are used. Responding efficiently to a DSAR therefore requires a well-considered and structured approach.
Any organization can receive a DSAR. It doesn’t matter if you are a large or a small organization. Also realize that a single action such as a payment can quickly trigger ten underlying processing operations that all keep track of data. Think of sales data, banking transactions, marketing, warehouse management, delivery or support.
Responding correctly to a DSAR requires an organized process. You need to know which systems store personal data, in what way and for what purpose. You also need to be able to search these systems quickly to find and modify personal data.
Co-Dex.eu helps you to link data points intelligently. Building on the central register of personal data and linked processing agreements, you get easily accessible data management that lets you respond adequately to a data subject’s request. Well-managed personal data makes all the difference, especially if you ever have to defend your personal data procedures when challenged by regulators.
Do data subjects want to have their data amended? Co-Dex.eu allows you to find out where their data is being used so that you can quickly adapt it to make sure it is used correctly everywhere.
Is someone asking what personal data you process or why you do that? Then follow these steps to respond in a GDPR-compliant way.